Vulners
Lucene search
Oracle Linux 7 : java-1.8.0-openjdk (ELSA-2018-2242)
10
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2018:2242 and
# Oracle Linux Security Advisory ELSA-2018-2242 respectively.
#
include('compat.inc');
if (description)
{
script_id(111254);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/11/01");
script_cve_id("CVE-2018-2952");
script_xref(name:"RHSA", value:"2018:2242");
script_name(english:"Oracle Linux 7 : java-1.8.0-openjdk (ELSA-2018-2242)");
script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the
ELSA-2018-2242 advisory.
[1:1.8.0.181-7.b13]
- Update to aarch64-jdk8u181-b13 and aarch64-shenandoah-jdk8u181-b13.
- Remove 8187577/PR3578 now applied upstream.
- Resolves: rhbz#1594249
[1:1.8.0.181-3.b04]
- Fix hook to show hs_err*.log files on failures.
- Resolves: rhbz#1594249
[1:1.8.0.181-3.b04]
- Fix requires/provides filters for internal libs. See RHBZ#1590796
- Resolves: rhbz#1594249
[1:1.8.0.181-3.b04]
- Update bug status and add missing bug IDs
- Resolves: rhbz#1594249
[1:1.8.0.181-2.b04]
- Add '8206406, PR3610, RH1597825: StubCodeDesc constructor publishes partially-constructed objects on
StubCodeDesc::_list'
- Resolves: rhbz#1594249
[1:1.8.0.181-1.b04]
- Add hook to show hs_err*.log files on failures.
- Resolves: rhbz#1594249
[1:1.8.0.181-1.b04]
- Mark bugs that have been pushed to 8u upstream and are scheduled for a release.
- Resolves: rhbz#1594249
[1:1.8.0.181-1.b04]
- Update to aarch64-jdk8u181-b04 and aarch64-shenandoah-jdk8u181-b04.
- Resolves: rhbz#1594249
[1:1.8.0.181-0.b03]
- Update to aarch64-jdk8u181-b03 and aarch64-shenandoah-jdk8u181-b03.
- Remove AArch64 patch for PR3458/RH1540242 as applied upstream.
- Resolves: rhbz#1594249
[1:1.8.0.172-4.b11]
- Read jssecacerts file prior to trying either cacerts file (system or local) (PR3575)
- Resolves: rhbz#1593737
[1:1.8.0.172-3.b11]
- Update Shenandoah tarball to fix TCK overflow failure.
- Resolves: rhbz#1588364
[11:1.8.0.172-3.b11]
- jsa files changed to 444 to pass rpm verification
- Fix reg-ex for filtering private libraries' provides/requires.
- Resolves: rhbz#1588364
[1:1.8.0.172-2.b11]
- Remove build flags exemption for aarch64 now the platform is more mature and can bootstrap OpenJDK with
these flags.
- Remove duplicate -fstack-protector-strong; it is provided by the RHEL cflags.
- Resolves: rhbz#1588364
[1:1.8.0.172-1.b11]
- Fix a number of bad bug identifiers (PR3546 should be PR3578, PR3456 should be PR3546)
- Resolves: rhbz#1588364
[1:1.8.0.172-1.b11]
- Update Shenandoah tarball to include 2018-05-15 merge.
- Split PR3458/RH1540242 fix into AArch64 & Zero sections, so former can be skipped on Shenandoah builds.
- Drop PR3573 patch applied upstream.
- Restrict 8187577 fix to non-Shenandoah builds, as it's included in the new tarball.
- Resolves: rhbz#1588364
[1:1.8.0.172-1.b11]
- Sync with IcedTea 3.8.0.
- Label architecture-specific fixes with architecture concerned
- x86: S8199936, PR3533: HotSpot generates code with unaligned stack, crashes on SSE operations
(-mstackrealign workaround)
- PR3539, RH1548475: Pass EXTRA_LDFLAGS to HotSpot build
- 8171000, PR3542, RH1402819: Robot.createScreenCapture() crashes in wayland mode
- 8197546, PR3542, RH1402819: Fix for 8171000 breaks Solaris + Linux builds
- 8185723, PR3553: Zero: segfaults on Power PC 32-bit
- 8186461, PR3557: Zero's atomic_copy64() should use SPE instructions on linux-powerpcspe
- PR3559: Use ldrexd for atomic reads on ARMv7.
- 8187577, PR3578: JVM crash during gc doing concurrent marking
- 8201509, PR3579: Zero: S390 31bit atomic_copy64 inline assembler is wrong
- 8165489, PR3589: Missing G1 barrier in Unsafe_GetObjectVolatile
- PR3591: Fix for bug 3533 doesn't add -mstackrealign to JDK code
- 8184309, PR3596: Build warnings from GCC 7.1 on Fedora 26
- Resolves: rhbz#1588364
[1:1.8.0.172-0.b11]
- Update to aarch64-jdk8u172-b11 and aarch64-shenandoah-jdk8u172-b11.
- Resolves: rhbz#1588364
[1:1.8.0.171-9.b12]
- Update to aarch64-jdk8u171-b12 and aarch64-shenandoah-jdk8u171-b12.
- Remove patch for 8200556/PR3566 as applied upstream.
- Resolves: rhbz#1588364
Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/errata/ELSA-2018-2242.html");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-2952");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/18");
script_set_attribute(attribute:"patch_publication_date", value:"2018/07/24");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/24");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.8.0-openjdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-accessibility");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-accessibility-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-demo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-demo-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-devel-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-headless");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-headless-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc-zip");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc-zip-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-src");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-src-debug");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Oracle Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_release = get_kb_item("Host/RedHat/release");
if (isnull(os_release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);
var pkgs = [
{'reference':'java-1.8.0-openjdk-1.8.0.181-3.b13.el7_5', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-accessibility-1.8.0.181-3.b13.el7_5', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-accessibility-debug-1.8.0.181-3.b13.el7_5', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-debug-1.8.0.181-3.b13.el7_5', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-demo-1.8.0.181-3.b13.el7_5', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-demo-debug-1.8.0.181-3.b13.el7_5', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-devel-1.8.0.181-3.b13.el7_5', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-devel-debug-1.8.0.181-3.b13.el7_5', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-headless-1.8.0.181-3.b13.el7_5', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-headless-debug-1.8.0.181-3.b13.el7_5', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-javadoc-1.8.0.181-3.b13.el7_5', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-javadoc-debug-1.8.0.181-3.b13.el7_5', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-javadoc-zip-1.8.0.181-3.b13.el7_5', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.181-3.b13.el7_5', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-src-1.8.0.181-3.b13.el7_5', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-src-debug-1.8.0.181-3.b13.el7_5', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-1.8.0.181-3.b13.el7_5', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-accessibility-1.8.0.181-3.b13.el7_5', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-accessibility-debug-1.8.0.181-3.b13.el7_5', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-debug-1.8.0.181-3.b13.el7_5', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-demo-1.8.0.181-3.b13.el7_5', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-demo-debug-1.8.0.181-3.b13.el7_5', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-devel-1.8.0.181-3.b13.el7_5', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-devel-debug-1.8.0.181-3.b13.el7_5', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-headless-1.8.0.181-3.b13.el7_5', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-headless-debug-1.8.0.181-3.b13.el7_5', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-javadoc-1.8.0.181-3.b13.el7_5', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-javadoc-debug-1.8.0.181-3.b13.el7_5', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-javadoc-zip-1.8.0.181-3.b13.el7_5', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.181-3.b13.el7_5', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-src-1.8.0.181-3.b13.el7_5', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-src-debug-1.8.0.181-3.b13.el7_5', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-1.8.0.181-3.b13.el7_5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-accessibility-1.8.0.181-3.b13.el7_5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-accessibility-debug-1.8.0.181-3.b13.el7_5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-debug-1.8.0.181-3.b13.el7_5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-demo-1.8.0.181-3.b13.el7_5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-demo-debug-1.8.0.181-3.b13.el7_5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-devel-1.8.0.181-3.b13.el7_5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-devel-debug-1.8.0.181-3.b13.el7_5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-headless-1.8.0.181-3.b13.el7_5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-headless-debug-1.8.0.181-3.b13.el7_5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-javadoc-1.8.0.181-3.b13.el7_5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-javadoc-debug-1.8.0.181-3.b13.el7_5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-javadoc-zip-1.8.0.181-3.b13.el7_5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.181-3.b13.el7_5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-src-1.8.0.181-3.b13.el7_5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.8.0-openjdk-src-debug-1.8.0.181-3.b13.el7_5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release) {
if (exists_check) {
if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
} else {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'java-1.8.0-openjdk / java-1.8.0-openjdk-accessibility / java-1.8.0-openjdk-accessibility-debug / etc');
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Nov 2024 00:00Current
6.7Medium risk
Vulners AI Score6.7
CVSS 3.13.7
CVSS 24.3
EPSS0.00105
SSVC